On Thu, Feb 7, 2013 at 3:33 AM, Joerg Roedel <j...@8bytes.org> wrote: > On Wed, Feb 06, 2013 at 07:08:24PM -0800, Andy Lutomirski wrote: >> - if (x2apic_present) >> - WARN(1, KERN_WARNING >> - "Failed to enable irq remapping. You are vulnerable >> to irq-injection attacks.\n"); >> - >> + irq_remapping_is_secure = 0; >> return -1; >> } > > Why do you remove this warning? It seems unrelated to the rest of the > patch.
The idea is that setting irq_remapping_is_secure = 0 makes you (much less) vulnerable to irq-injection attacks: you're vulnerable to malicious hardware but not to attack via vfio or kvm, because those paths are disabled. I'd have no problem leaving the warning in and letting whoever manages to trigger it and get annoyed fix it. FWIW, it's actually likely to be interesting if the warning hits. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
